Memristor TCAMs Accelerate Regular Expression Matching for Network Intrusion Detection

We propose memristor-based TCAMs (Ternary Content Addressable Memory) circuits to accelerate Regular Expression (RegEx) matching through in memory processing of finite automata. RegEx matching is a key function in network security to find malicious actors. However, RegEx matching latency and power can be incredibly high and current proposals are challenged to perform wire-speed matching for large rulesets. Our approach dramatically decreases operating power, enables high throughput, and the use of nanoscale memristor TCAM circuits (mTCAMs) enables compression techniques to expand rulesets. We fabricated and demonstrated nanoscale memristor TCAM cells. SPICE simulations investigate performance at scale and amTCAM dynamic power model using 16nmlayout parameters demonstrates similar to 0.2 fJ/bit/search energy for a 36 x 250 mTCAM array. A tiled architecture is proposed to implement a Snort ruleset and assess application performance. Compared to a state-of-the-art FPGA approach (2 Gbps, similar to 1 W), we show x4 throughput (8 Gbps) at 55% the power (0.55 W) without standard TCAM power-saving techniques. Our performance comparison improves further when striding (searching multiple characters at once) is considered, resulting in 47.2 Gbps at 1.2 W for our approach compared to 3.9 Gbps at 630 mW for strided FPGA NFA, demonstrating a promising path to wire-speed RegEx matching on large scale rulesets.